Note: This article and some of the features it refers to are still in the beta phase. If you find any discrepancies or need help, please reach out to us at [email protected].
Getting started
Enabling anomaly detection
The anomaly detection module can be enabled on https://anomaly.cryptolens.io/index.html. When this is done, it might take some time to train the model and find the anomalies.
Analysing anomalies with Log Explorer
A summary of all anomalies can be found on the following page. When a log entry is classified as anomalous, it means that the group of requests that the log entry is part of was classified as anomalous. Not all requests within a group are anomalous. For log entries that are anomalous, three additional properties will be shown:
- Group Id (Anomaly) - A unique identifier of the group of anomalous requests that the log entry is part of.
- Starting At (Anomaly) - The ID of the first log entry in the group.
- Ending At (Anomaly) - The ID of the last log entry in the group.
Actions to take for suspected anomalies
Typically, groups of requests where there are many unsuccessful requests for a certain license key will be classified as suspected anomalies. This is usually caused by your customers having issues verifying their license. If a license key was recorded, you can use it to find which customer it was. In other cases, you can use information such as the Machine Code and the Friendly Name as a way to identify the customer.
Note: Some requests within a group of suspected anomalies can still be OK. The anomaly detection module looks at requests as a group and will classify a group of requests as anomalous if the usage pattern deviates from what it has seen previously.
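The triage described under "Actions to take for suspected anomalies", as an added example that is not Cryptolens code: it groups flagged log entries by their anomaly group and reports failed requests per license key, falling back to Machine Code and Friendly Name when no key was recorded. The dictionary field names and sample entries are constructed assumptions, not a documented export format.

```python
from collections import Counter, defaultdict

# Constructed sample entries. Field names are assumptions modelled on the
# properties named on this page; "GroupId" is None for non-anomalous entries.
SAMPLE_LOGS = [
    {"Id": 101, "Key": "KEY-1", "Successful": False, "MachineCode": "m1", "FriendlyName": "PC-1", "GroupId": "g1"},
    {"Id": 102, "Key": "KEY-1", "Successful": False, "MachineCode": "m1", "FriendlyName": "PC-1", "GroupId": "g1"},
    {"Id": 103, "Key": "KEY-1", "Successful": True, "MachineCode": "m1", "FriendlyName": "PC-1", "GroupId": "g1"},
    {"Id": 104, "Key": None, "Successful": False, "MachineCode": "m2", "FriendlyName": "LAPTOP-7", "GroupId": "g1"},
    {"Id": 105, "Key": "KEY-2", "Successful": True, "MachineCode": "m9", "FriendlyName": "PC-9", "GroupId": None},
    {"Id": 106, "Key": "KEY-3", "Successful": False, "MachineCode": "m3", "FriendlyName": "PC-3", "GroupId": "g2"},
]


def triage(entries):
    """Summarise each anomalous group so the affected customers can be found."""
    groups = defaultdict(list)
    for entry in entries:
        if entry.get("GroupId") is not None:  # skip entries outside any anomaly group
            groups[entry["GroupId"]].append(entry)

    report = {}
    for group_id, rows in groups.items():
        # A group can contain successful requests too; only failures need follow-up.
        failed = [r for r in rows if not r["Successful"]]
        failed_by_key = Counter(r["Key"] for r in failed if r.get("Key"))
        # No key recorded: identify the customer by machine code and friendly name.
        no_key = sorted(
            {(r.get("MachineCode") or "", r.get("FriendlyName") or "")
             for r in failed if not r.get("Key")}
        )
        report[group_id] = {
            # Assumption: log entry IDs increase over time, so min/max give
            # the first and last entry of the group.
            "starting_at": min(r["Id"] for r in rows),
            "ending_at": max(r["Id"] for r in rows),
            "total": len(rows),
            "failed": len(failed),
            "failed_by_key": dict(failed_by_key),
            "failed_without_key": no_key,
        }
    return report


if __name__ == "__main__":
    for group_id, summary in triage(SAMPLE_LOGS).items():
        print(group_id, summary)
```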
How anomaly detection works
The anomaly detection module works by learning the historical distribution of your Web API logs. It analyses the logs as a group by examining the following parameters:
- Time
- Successful (inferred from State)
- IP (anonymised)
- Key
- Product
- State
- MachineCode
- Country